// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package securitycenter

import (
	"fmt"
	"time"

	"github.com/hashicorp/go-azure-helpers/lang/pointer"
	"github.com/hashicorp/go-azure-helpers/lang/response"
	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonids"
	"github.com/hashicorp/go-azure-sdk/resource-manager/security/2023-05-01/servervulnerabilityassessmentssettings"
	"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
	"github.com/hashicorp/terraform-provider-azurerm/internal/services/securitycenter/parse"
	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
	"github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
)

func resourceSecurityCenterServerVulnerabilityAssessmentsSetting() *pluginsdk.Resource {
	return &pluginsdk.Resource{
		Create: resourceSecurityCenterServerVulnerabilityAssessmentsSettingCreateOrUpdate,
		Read:   resourceSecurityCenterServerVulnerabilityAssessmentsSettingRead,
		Update: resourceSecurityCenterServerVulnerabilityAssessmentsSettingCreateOrUpdate,
		Delete: resourceSecurityCenterServerVulnerabilityAssessmentsSettingDelete,

		Importer: pluginsdk.ImporterValidatingResourceId(func(id string) error {
			_, err := parse.VulnerabilityAssessmentsSettingID(id)
			return err
		}),

		Timeouts: &pluginsdk.ResourceTimeout{
			Create: pluginsdk.DefaultTimeout(10 * time.Minute),
			Read:   pluginsdk.DefaultTimeout(5 * time.Minute),
			Update: pluginsdk.DefaultTimeout(10 * time.Minute),
			Delete: pluginsdk.DefaultTimeout(10 * time.Minute),
		},

		Schema: map[string]*pluginsdk.Schema{
			"vulnerability_assessment_provider": {
				Type:         pluginsdk.TypeString,
				Required:     true,
				ValidateFunc: validation.StringInSlice(servervulnerabilityassessmentssettings.PossibleValuesForServerVulnerabilityAssessmentsAzureSettingSelectedProvider(), false),
			},
		},
	}
}

func resourceSecurityCenterServerVulnerabilityAssessmentsSettingCreateOrUpdate(d *pluginsdk.ResourceData, meta interface{}) error {
	client := meta.(*clients.Client).SecurityCenter.ServerVulnerabilityAssessmentSettingClient
	subscriptionId := commonids.NewSubscriptionID(meta.(*clients.Client).Account.SubscriptionId)
	ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d)
	defer cancel()

	id := parse.NewVulnerabilityAssessmentsSettingID(subscriptionId.SubscriptionId, "AzureServersSetting")

	if d.IsNewResource() {
		existing, err := client.Get(ctx, subscriptionId)
		if err != nil {
			if !response.WasNotFound(existing.HttpResponse) {
				return fmt.Errorf("checking for presence of existing %s: %v", id, err)
			}

			if existing.Model != nil {
				if azureServersSetting, ok := existing.Model.(servervulnerabilityassessmentssettings.AzureServersSetting); ok && azureServersSetting.Properties != nil && azureServersSetting.Properties.SelectedProvider != "" {
					return tf.ImportAsExistsError("azurerm_security_center_server_vulnerability_assessments_setting", id.ID())
				}
			}
		}
	}

	setting := servervulnerabilityassessmentssettings.AzureServersSetting{
		Type: pointer.To("AzureServersSetting"),
		Name: pointer.To("AzureServersSetting"),
		Properties: &servervulnerabilityassessmentssettings.ServerVulnerabilityAssessmentsAzureSettingProperties{
			SelectedProvider: servervulnerabilityassessmentssettings.ServerVulnerabilityAssessmentsAzureSettingSelectedProvider(d.Get("vulnerability_assessment_provider").(string)),
		},
	}

	if _, err := client.CreateOrUpdate(ctx, subscriptionId, setting); err != nil {
		return fmt.Errorf("creating %s: %+v", id, err)
	}

	d.SetId(id.ID())
	return resourceSecurityCenterServerVulnerabilityAssessmentsSettingRead(d, meta)
}

func resourceSecurityCenterServerVulnerabilityAssessmentsSettingRead(d *pluginsdk.ResourceData, meta interface{}) error {
	client := meta.(*clients.Client).SecurityCenter.ServerVulnerabilityAssessmentSettingClient
	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
	defer cancel()

	id, err := parse.VulnerabilityAssessmentsSettingID(d.Id())
	if err != nil {
		return err
	}

	resp, err := client.Get(ctx, commonids.NewSubscriptionID(id.SubscriptionId))
	if err != nil {
		if response.WasNotFound(resp.HttpResponse) {
			d.SetId("")
			return nil
		}

		return fmt.Errorf("retrieving %s: %+v", *id, err)
	}

	if resp.Model != nil {
		if azureServersSetting, ok := resp.Model.(servervulnerabilityassessmentssettings.AzureServersSetting); ok && azureServersSetting.Properties != nil {
			d.Set("vulnerability_assessment_provider", azureServersSetting.Properties.SelectedProvider)
		}
	}

	return nil
}

func resourceSecurityCenterServerVulnerabilityAssessmentsSettingDelete(d *pluginsdk.ResourceData, meta interface{}) error {
	client := meta.(*clients.Client).SecurityCenter.ServerVulnerabilityAssessmentSettingClient
	ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d)
	defer cancel()

	id, err := parse.VulnerabilityAssessmentsSettingID(d.Id())
	if err != nil {
		return err
	}

	if _, err := client.Delete(ctx, commonids.NewSubscriptionID(id.SubscriptionId)); err != nil {
		return fmt.Errorf("disabling %s: %+v", id, err)
	}

	return nil
}
